One of the more urgent of the exploits is found in Adobe Flash. As CNET described it:

The most critical vulnerability, described by Hacking Team in the information dump as the "most beautiful Flash bug for the last four years," is a ByteArray class user-after-free (UAF) vulnerability which can be used to override PC functions, change the value of objects and reallocate memory.

The vulnerability's proof-of-concept shows how the flaw can be exploited to open the Windows calculator, download and execute arbitrary malicious code on a victim's PC.

According to a researcher known online as Kafeine, the leaked Hacking Team exploit has already been integrated into three commercial exploit kits: Angler, Neutrino and Nuclear Pack.

A Malwarebytes blog added that, thanks to the details revealed in the Hacking Team hack:

This is one of the fastest documented case of an immediate weaponization in the wild.

Unfortunately, this may be the tip of the iceberg. There are likely many more vulnerabilities that The Hacking Team knew about but didn’t disclose, Grayson Milbourne, security intelligence director at Webroot, told me in an email comment. And this, Milbourne added, leads us to another problem: Those who discover exploits often have little motivation to disclose them to the software authors. He said:

While yes, there are some White Hats out there, and some companies (Google especially) have bounty programs to encourage the disclosure of these flaws, the vast majority of exploits are discovered for malicious purpose. And it isn’t just hackers who are discovering these exploits, governments are too as many APT analysis shows the widespread usage of zero day exploits in their attacks.

It’s proof, yet again, that the Internet is a risky place, and if we want to keep our systems safe, we have to depend on ourselves to practice better security. Like Milbourne told me, it’s great that Adobe produced a patch so quickly, but that patch isn’t going to keep anything secure if users aren’t updating the software when prompted.

I expect there will be more reports of urgent updates in the coming days and weeks, directly resulting from this one hack.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

IT Solutions Builder
TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD

Which topic are you interested in?

Mobile

Security

Networks/IoT

Cloud

Data Storage

Applications

Development

IT Management

Other

What is your company size?

What is your job title?

What is your job function?

Searching our resource database to find your matches...

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.

Please enable Javascript in your browser, before you post the comment! Now Javascript is disabled.

Post a comment

Your name/nickname

Your email

WebSite

Subject

(Maximum characters: 1200). You have 1200 characters left.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.